
16 matches found

NVD
•added 2026/05/20 8:16 p.m.•7 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3 CVSS, 0.00029 EPSS
Exploits 0, References 1
Cvelist
•added 2026/05/20 6:39 p.m.•22 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3 CVSS, 0.00029 EPSS
Exploits 0, References 1
Positive Technologies
•added 2026/05/20 12:00 a.m.•5 views

PT-2026-42247

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.5.38. Description: An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

8.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits 0, References 5
EUVD
•added 2025/10/03 8:07 p.m.•2 views

EUVD-2023-1247

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00535 EPSS
Exploits 0, References 5
RedhatCVE
•added 2025/05/23 3:43 a.m.•7 views

CVE-2023-30542

OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...

8.8 CVSS, 6.9 AI score, 0.00535 EPSS
Exploits 0, References 1
Code423n4
•added 2023/09/06 12:00 a.m.•11 views

Malicious user can prevent the creation of a proposal

Lines of code Vulnerability details Vulnerability Detail The LivepeerGovernor inherits OpenZeppelin's GovernorUpgradeable contract. The GovernorUpgradeable utilizes the hashProposal function to generate a unique hash when creating a new proposal. The hash depends solely on input parameters:...

6.8 AI score
Exploits 0
Vulnrichment
•added 2023/06/07 5:06 p.m.•6 views

CVE-2023-34234 Governor proposal creation may be blocked by frontrunning in OpenZeppelin

OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...

5.3 CVSS, 5.3 AI score, 0.00108 EPSS
Exploits 0, References 2
Github Security Blog
•added 2023/04/20 2:11 p.m.•19 views

GovernorCompatibilityBravo may trim proposal calldata

Impact The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would...

8.8 CVSS, 8.5 AI score, 0.00535 EPSS
Exploits 0, References 5, Affected Software 2
OSV
•added 2023/04/20 2:11 p.m.•19 views

GHSA-93HQ-5WGC-JC82 GovernorCompatibilityBravo may trim proposal calldata

Impact The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would...

8.8 CVSS, 7.5 AI score, 0.00535 EPSS
Exploits 0, References 5
Code423n4
•added 2023/03/10 12:00 a.m.•9 views

AddresslistVoting.removeAddresses txn can be monitored to create proposal and cast vote.

Lines of code Vulnerability details Impact The AddresslistVoting contract contains removeAddresses function to remove the addresses from address list. function removeAddresses address calldata members external authUPDATEADDRESSESPERMISSIONID removeAddressesmembers; emit MembersRemovedmembers:...

7 AI score
Exploits 0
Code423n4
•added 2022/11/09 12:00 a.m.•10 views

No commitment to data passed as input to the init contract during the execution of the diamond cut proposal

Lines of code Vulnerability details Description There is a function executeDiamondCutProposal in the DiamondCutFacet contract. It checks that proposal data passed as input to this call is equal to the data that is declared when the creation of this proposal using the following logic: require...

7.1 AI score
Exploits 0
Code423n4
•added 2022/09/15 12:00 a.m.•10 views

NFT flashloan against governance voting

Lines of code Vulnerability details Impact Specifically, to support a proposal, the voting power is counted at the time of the proposal creation time. However, there are multiple services that support NFT flashloan, e.g., NFTuloan . Since the voting power is counted as the proposal creation time,...

6.9 AI score
Exploits 0
Code423n4
•added 2022/08/27 12:00 a.m.•6 views

NounsDAOLogicV2's state() and proposals() will use initial dynamic params for all V1 proposals

Lines of code Vulnerability details state and proposals call quorumVotesid that utilize initial dynamic params for all V1 proposals by misusing 0 as a proposal creation block. I.e. new field is referenced while it is zero for all V1 proposals. This way all V1 proposals will use the same initial s...

6.7 AI score
Exploits 0
Code423n4
•added 2022/08/27 12:00 a.m.•7 views

While it is allowed to create only one proposal per person, you can still create more

Lines of code Vulnerability details Impact After the creation of one proposal user can send his tokens to another persondelegate votes, so another person will create new proposal using the first user's proposal threshold amount. In propose method there is a condition that one user can create only...

6.7 AI score
Exploits 0
Code423n4
•added 2022/08/27 12:00 a.m.•7 views

User should not be able to use more votes that he has at the moment of voting

Lines of code Vulnerability details Impact In castVoteInternal function user can vote. And the votes that he has is calculated using the checkpoint when the proposal was created. This is not correct for few reasons. 1.Suppose in time t1 the proposal was created and in that time user1 had 2 tokens...

6.7 AI score
Exploits 0
Code423n4
•added 2022/08/27 12:00 a.m.•7 views

Voting power determined by proposal creation block enables inherent voting manipulation

Lines of code Vulnerability details Impact The voting power for a Nouns holder for a given proposal is calculated as the number of Nouns held at the time of proposal creation. This creates an opportunity for voting manipulation by the proposal creator because they can specifically choose the time...

6.8 AI score
Exploits 0